CVE-2007-0139 - Vulnerability Details - OpenCVE

Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Openvms

Configuration 1 [-]

OR	cpe:2.3:a:hp:openvms:7.3::openvms_vax:::::
	cpe:2.3:a:hp:openvms:7.3_2::openvms_vax:::::

No data.

References

Link	Providers
ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt
ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt
http://osvdb.org/32583
http://osvdb.org/32584
http://osvdb.org/32585
http://osvdb.org/32586
http://secunia.com/advisories/23636
http://www.vupen.com/english/advisories/2007/0063

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T11:00:00

Updated: 2024-08-07T12:03:37.223Z

Reserved: 2007-01-08T00:00:00

Link: CVE-2007-0139

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-09T11:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0139

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain \"unintended privileged access to data and system resources\" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32583", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32583"}, {"name": "32586", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32586"}, {"name": "32584", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32584"}, {"name": "32585", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32585"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt"}, {"name": "ADV-2007-0063", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0063"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt"}, {"name": "23636", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23636"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain \"unintended privileged access to data and system resources\" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32583", "refsource": "OSVDB", "url": "http://osvdb.org/32583"}, {"name": "32586", "refsource": "OSVDB", "url": "http://osvdb.org/32586"}, {"name": "32584", "refsource": "OSVDB", "url": "http://osvdb.org/32584"}, {"name": "32585", "refsource": "OSVDB", "url": "http://osvdb.org/32585"}, {"name": "ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt", "refsource": "CONFIRM", "url": "ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt"}, {"name": "ADV-2007-0063", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0063"}, {"name": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt", "refsource": "CONFIRM", "url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt"}, {"name": "23636", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23636"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:37.223Z"}, "title": "CVE Program Container", "references": [{"name": "32583", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32583"}, {"name": "32586", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32586"}, {"name": "32584", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32584"}, {"name": "32585", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32585"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt"}, {"name": "ADV-2007-0063", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0063"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt"}, {"name": "23636", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23636"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0139", "datePublished": "2007-01-09T11:00:00", "dateReserved": "2007-01-08T00:00:00", "dateUpdated": "2024-08-07T12:03:37.223Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:openvms:7.3:*:openvms_vax:*:*:*:*:*", "matchCriteriaId": "2BC2EC9D-F494-45CE-9406-59CB2DBAAE53", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:openvms:7.3_2:*:openvms_vax:*:*:*:*:*", "matchCriteriaId": "B0456600-D516-4BFA-B314-DC31F4131E41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain \"unintended privileged access to data and system resources\" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la caracter\u00edstica DECnet-Plus 7.3-2 en DECnet/OSI 7.3-2 para OpenVMS ALPHA, y la caracteristica DECnet-Plus 7.3 en DECnet/OSI 7.3 para OpenVMS VAX, permite a atacantes remotos obtener \"acceso privilegiado no previsto a los datos y recursos del sistema\" a trav\u00e9s de vectores no especificados, relaci\u00f3n con 1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, y (4) [SYSMGR]CTF$STARTUP.COM."}], "id": "CVE-2007-0139", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-09T11:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32583"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32584"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32585"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32586"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23636"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32585"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23636"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}